PIT Overload Analysis in Content Centric Networks - Slides ICN '13

ACM SIGCOMM Workshop on Information-Centric Networking, 12/08/2013

Matteo Virgilio, Guido Marchetto, Riccardo Sisto
Department of Control and Computer Engineering, Politecnico di Torino

Analysis of the Pending Interest Table behavior in the context of a distributed denial of service attack.

Slides presented at: 3rd ACM SIGCOMM Workshop on Information-Centric Networking (ICN 2013), Hong Kong, China

The paper is available at: http://conferences.sigcomm.org/sigcomm/2013/papers/icn/p67.pdf


A stateful protocol: the Pending Interest Table

• Used to store all seen Interests

• One entry for each requested piece of content

• Multiple Interests for a single name are merged in a single entry (Interest merging)

CCN Router PIT:

Name                            PendingInterfaces
/acm.org/papers/paperA.pdf/1    eth0
/acm.org/papers/paperB.pdf/1    eth1
/acm.org/papers/paperA.pdf/2    eth0
/acm.org/papers/paperB.pdf/2    eth1


Problem Description

• Malicious users could craft Interests for nonexistent resources: Interest Flooding Attack (IFA)

  – Very long random names

  – Possibly long lifetime values (even hundreds of seconds)

• Why do we have to consider such “long” requests? The answer is long-polling!

• Supporting the publish/subscribe paradigm may require storing long (potentially unanswered) requests for a long period of time

• No information about when the response will be generated (routers cannot make any assumptions)

• Simply dropping Interests with a high lifetime is too simplistic
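The PIT behaviour described on the two slides above (one entry per name, Interest merging, entries held until Data arrives or the lifetime expires) can be modelled in a few lines. This is an added example, not code from the slides or from the authors' simulator; the byte budget, the `/nonexistent/...` names and the class and method names are constructed for illustration, and only the name length is counted as entry size.

```python
class PendingInterestTable:
    """Toy PIT: one entry per name, merged faces, lifetime expiry, byte budget."""

    def __init__(self, capacity_bytes):
        self.capacity = capacity_bytes
        self.used = 0
        self.entries = {}  # name -> [expiry time, set of pending faces]

    def _expire(self, now):
        for name in [n for n, e in self.entries.items() if e[0] <= now]:
            self.used -= len(name)
            del self.entries[name]

    def on_interest(self, name, face, lifetime, now):
        """Return 'forward' (new entry), 'merged' or 'dropped' (PIT full)."""
        self._expire(now)
        entry = self.entries.get(name)
        if entry is not None:                      # Interest merging
            entry[0] = max(entry[0], now + lifetime)
            entry[1].add(face)
            return "merged"
        if self.used + len(name) > self.capacity:  # no room for a new name
            return "dropped"
        self.entries[name] = [now + lifetime, {face}]
        self.used += len(name)                     # the full name is stored
        return "forward"

    def on_data(self, name):
        """Data consumes the entry; return the faces it must be sent to."""
        entry = self.entries.pop(name, None)
        if entry is None:
            return set()
        self.used -= len(name)
        return entry[1]


def demo():
    pit = PendingInterestTable(capacity_bytes=80)  # constructed tiny budget
    a1 = "/acm.org/papers/paperA.pdf/1"            # name taken from the slide
    results = [pit.on_interest(a1, "eth0", 4, now=0),
               pit.on_interest(a1, "eth1", 4, now=1)]
    faces = pit.on_data(a1)                        # Data goes to both faces
    for i in range(2):  # constructed unanswered names with a 180 s lifetime
        pit.on_interest(f"/nonexistent/constructed-name-{i:03d}", "eth1", 180, now=2)
    results.append(pit.on_interest(a1, "eth0", 4, now=10))   # no room left
    results.append(pit.on_interest(a1, "eth0", 4, now=182))  # entries expired
    return results, faces
```

The third result shows the failure mode the slide is concerned with: a legitimate Interest is refused while unanswered long-lifetime entries hold the table, and is accepted again only after they expire.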


What has been done in recent literature?

• Much of the research activity has focused on privacy and data integrity issues

• What about the PIT?

  – Some architecture proposals

    • Bloom filter implementation of the PIT (DiPIT)

    • Hash-based PIT implementation with some interesting variants (Name Prefix Tree encoding)

  – Reactive algorithms for IFA handling:

    • Statistics-based reaction to attacker activity

    • Poseidon framework (very recent)


Our contribution

• Simulation-based approach

  – We developed a fully custom Java ccnSimulator

• Different target: evaluating attack impact on a real topology

• Evaluate different PIT architectures in various network load (and attack) scenarios


Simulation scenario

• Reference topology from Telecom Italia (the most prominent Italian ISP)

• 9 million subscribers

• ADSL with 7 Mbps / 1 Mbps (downlink/uplink)

• Zipf content distribution

• Metrics gathered

  – Chunk retransmission rate at the endpoints

• Fixed PIT size

  – 1 GB


Attack model

• Distributed botnet

• Different simulation campaigns

  1) Variable lifeTime

  2) Variable bandwidth

• Different URI size

  – ≈1000 bytes for the SimplePIT case

  – 20 bytes for the HashedPIT case (SHA-1 as hashing algorithm)


Attacker’s transmission efficiency

SimplePIT: Interest header (20 bytes) + resource name (1000 bytes)

Attack efficiency: $\frac{1000\ \text{bytes}}{(20 + 1000)\ \text{bytes}} \approx 98\%$

HashedPIT, DiPIT: Interest header (20 bytes) + resource name (20 bytes)

Attack efficiency: $\frac{20\ \text{bytes}}{(20 + 20)\ \text{bytes}} = 50\%$


Simulation Results (1)

Each cell: retransmissions / RAM usage

Attack settings                          SimplePIT       HashedPIT       DiPIT
Band = 100 Mbps, LifeTime = 4 sec        0 / 49 MB       0 / 25 MB       0.01 % / 1 GB
Band = 500 Mbps, LifeTime = 4 sec        0 / 245 MB      0 / 125 MB      2.42 % / 1 GB
Band = 2 Gbps, LifeTime = 4 sec          0 / 980 MB      0 / 500 MB      87.6 % / 1 GB
Band = 4 Gbps, LifeTime = 4 sec          15 % / FULL     83 % / FULL     90 % / 1 GB
Band = 100 Mbps, LifeTime = 60 sec       0 / 735 MB      0 / 375 MB      21 % / 1 GB
Band = 100 Mbps, LifeTime = 120 sec      37 % / FULL     0 / 750 MB      86 % / 1 GB
Band = 100 Mbps, LifeTime = 180 sec      52 % / FULL     ∞ / FULL        88 % / 1 GB
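The SimplePIT and HashedPIT RAM usage figures in the table can be reproduced with a steady-state model, given here as an added example (not code from the slides or the authors' simulator): pending bytes = attack bandwidth × transmission efficiency × Interest lifetime. Assumptions: 1 GB is taken as 1000 MB, a PIT is reported FULL once the pending bytes reach that size, and only the name (or its 20-byte hash) is counted per entry; DiPIT is left out because the table reports a constant 1 GB for it.

```python
PIT_CAPACITY_MB = 1000  # the fixed 1 GB PIT, taken as 1000 MB (assumption)
HEADER_BYTES = 20       # Interest header size from the efficiency slide
NAME_BYTES = {"SimplePIT": 1000, "HashedPIT": 20}  # stored bytes per Interest


def efficiency(name_bytes):
    """Share of the attack bandwidth that turns into stored PIT bytes."""
    return name_bytes / (HEADER_BYTES + name_bytes)


def stored_mb_per_s(band_mbps, pit):
    """Megabytes of PIT state created per second of attack traffic."""
    return band_mbps / 8 * efficiency(NAME_BYTES[pit])


def ram_usage(band_mbps, lifetime_s, pit):
    """Steady-state occupancy = arrival rate x lifetime, capped at PIT size."""
    mb = round(stored_mb_per_s(band_mbps, pit) * lifetime_s)
    return "FULL" if mb >= PIT_CAPACITY_MB else f"{mb} MB"


def lifetime_to_fill_s(band_mbps, pit):
    """Smallest Interest lifetime at which this bandwidth fills the PIT."""
    return PIT_CAPACITY_MB / stored_mb_per_s(band_mbps, pit)


# (bandwidth in Mbps, lifetime in seconds) for the seven rows of the table
SETTINGS = [(100, 4), (500, 4), (2000, 4), (4000, 4),
            (100, 60), (100, 120), (100, 180)]


def table():
    return [(b, t, ram_usage(b, t, "SimplePIT"), ram_usage(b, t, "HashedPIT"))
            for b, t in SETTINGS]


if __name__ == "__main__":
    for band, life, simple, hashed in table():
        print(f"{band:>5} Mbps {life:>4} s  SimplePIT {simple:>7}  HashedPIT {hashed:>7}")
    for pit in NAME_BYTES:
        print(f"{pit}: 100 Mbps fills the PIT at {lifetime_to_fill_s(100, pit):.1f} s lifetime")
```

Under this model a 100 Mbps flood fills the SimplePIT at a lifetime of about 82 s and the HashedPIT at 160 s, which matches the table: at 120 s only the SimplePIT is FULL, at 180 s both are.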


Simulation Results (2)

• Settings: Band = 100 Mbps, LifeTime = 180 sec

• Settings: Band = 4 Gbps, LifeTime = 4 sec


Conclusion

• All the architectures work properly in normal network conditions and also in the presence of a low-intensity attack

• HashedPIT is the most affected PIT in our context

• Other scenarios could be designed to worsen SimplePIT too

  – Distribute more zombies around the network;

  – Combine both high bandwidth and high lifetime to maximize the attack effectiveness;

  – …

• Scalable and robust solutions are needed to ensure an adequate level of confidence in the CCN paradigm.


Future contribution

• Very recent solutions have been proposed to mitigate the impact of Interest Flooding Attacks

• Our plan for the future is to evaluate them in our scenarios in terms of:

  – Resilience

  – CPU usage

  – Memory usage


Thank you for the attention!